It is not possible to write bug-free software. The way to deal with inevitable software (and hardware) failures is to have an independent backup system. This is how airplanes are designed, and the safety record speaks volumes that this works.
The way to deal with a bad update is to have another image of the software in ROM (so it cannot be altered) that can be switched to. This backup program may have reduced capability, but it should be able to get you home or to the dealer.
Airplanes do not receive OtA updates, nor does every system have a backup. Airplane software is developed to very high safety standards, which mostly, but not always, works. But this is not applicable here. A key part of airplane safety is constant monitoring and maintenance. If a component needs a software update, some technician will manually perform the update and do the required tests. This simply cannot work in automotive.